[sudo-workers] sudo 1.8.15b4 released

Todd C. Miller Todd.Miller at courtesan.com
Fri Sep 25 06:07:16 MDT 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The fourth beta version of sudo 1.8.15 is now available.

In addition to bug fixes, sudo 1.8.15 includes changes to how the
time stamp files are locked which could use some more extensive
testing.  The upshot is that sudo can now be used multiple times
in a pipeline even when a password is required and the user will
only be prompted once.

For example:

$ sudo -k
$ sudo echo test | sudo cat
Password:
test

I've tested the time stamp changes on Linux, Solaris, HP-UX, AIX
and OpenBSD.  Tests on other systems would be appreciated, especially
backgrounding sudo at the password prompt (or just running it in
the background when a password is required) and then running sudo
again in the same terminal.  This should verify that the time stamp
record is unlocked when sudo is suspended.

In other words:

$ sudo -k
$ sudo id
Password: ^Z

Suspended
$ sudo id
Password: blah
uid=0(root) gid=0(root)

$ fg
sudo id
Password: 

Source:
    http://www.sudo.ws/sudo/dist/beta/sudo-1.8.15b4.tar.gz
    ftp://ftp.sudo.ws/pub/sudo/beta/sudo-1.8.15b4.tar.gz

SHA256 checksum:
    a22e023d42b4f3620510ee2c52797e20b1d74145a611ae0724d97e23f7d5add2
MD5 checksum:
    15c8d7a85776975654dd8e3ef529c5da

Binary packages:
    http://www.sudo.ws/sudo/dist/beta/packages/index.html#binary

For a list of download mirror sites, see:
    http://www.sudo.ws/sudo/download_mirrors.html

Sudo web site:
    http://www.sudo.ws/sudo/

Sudo web site mirrors:
    http://www.sudo.ws/sudo/mirrors.html

Major changes between sudo 1.8.15b4 and 1.8.15b3:

 * The callback is now passed correctly to the PAM conversation
   function.  This allows the on_suspend and on_resume functions to
   be called on system using PAM.

 * Fixed "sudo -k" on Solaris and probably other systems where
   the size of off_t and size_t are different.

Major changes between sudo 1.8.15b3 and 1.8.15b2:

 * Fixed a potential double free introduced in 1.8.15b1 when sudo
   is suspended at the password prompt.

Major changes between sudo 1.8.15b2 and 1.8.15b1:

 * Fixed a bug introduced in sudo 1.8.14 that prevented visudo from
   re-editing the correct file when a syntax error was detected.

 * Fixed a bug where sudo would not relay a SIGHUP signal to the
   command when the terminal is closed and the command is not run
   in its own pseudo-tty.  Bug #719

Major changes between sudo 1.8.15b1 and 1.8.14p3:

 * Fixed a bug that prevented sudo from building outside the source tree
   on some platforms.  Bug #708.

 * Fixed the location of the sssd library in the RHEL/Centos packages.
   Bug #710.

 * Fixed a build problem on systems that don't implicitly include
   sys/types.h from other header files.  Bug #711.

 * Fixed a problem on Linux using containers where sudo would ignore
   signals sent by a process in a different container.

 * Sudo now refuses to run a command if the PAM session module
   returns an error.

 * When editing files with sudoedit, symbolic links will no longer
   be followed by default.  The old behavior can be restored by
   enabling the sudoedit_follow option in sudoers or on a per-command
   basis with the FOLLOW and NOFOLLOW tags.  Bug #707.

 * Fixed a bug introduced in version 1.8.14 that caused the last
   valid editor in the sudoers "editor" list to be used by visudo
   and sudoedit instead of the first.  Bug #714.

 * Fixed a bug in visudo that prevented the addition of a final
   newline to edited files without one.

 * Fixed a bug decoding certain base64 digests in sudoers when the
   intermediate format included a '=' character.

 * Individual records are now locked in the time stamp file instead
   of the entire file.  This allows sudo to avoid prompting for a
   password multiple times on the same terminal when used in a
   pipeline.  In other words, "sudo cat foo | sudo grep bar" now
   only prompts for the password once.  Previously, both sudo
   processes would prompt for a password, often making it impossible
   to enter.

 * Fixed a bug where sudo would fail to run commands as a non-root
   user on systems that lack both setresuid() and setreuid().
   Bug #713.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEYEARECAAYFAlYFOPAACgkQWonfon7kcMQsAACgm5EuZHwvGLTvxA16IiRbGTc9
+SUAoLc+a1x1YgnG6FgO8GE82GIxoOMB
=/R7q
-----END PGP SIGNATURE-----


More information about the sudo-workers mailing list